White House Jump-Starts Cybersecurity Protection ProgramsJanuary 23, 2015
As members of the U.S. Congress started to prepare for the upcoming legislative session, President Obama lost little time in putting cybersecurity near the top of a to-do list for lawmakers. During a visit to the federal National Cybersecurity Communications Integration Center, Obama called for additional legislation to improve information technology protection.

Businesses Waste Big Bucks Fighting Phantom CyberattacksJanuary 21, 2015
Businesses spend an average of $1.27 million a year chasing cyberthreats that turn out to be dead ends. That is one of the findings in a report released last week on the cost of containing malware. In a typical week, an organization can receive nearly 17,000 malware alerts, although only 19 percent of them are considered reliable, the researchers found.

Keeping Score in the Google vs. Microsoft Zero-Day GamesJanuary 20, 2015
Google's recent publication of Windows' vulnerabilities -- two within a week -- predictably raised Microsoft's ire. "Risk is significantly increased by publically announcing information that a cybercriminal could use to orchestrate an attack and assumes those that would take action are made aware of the issue," wrote Chris Betz, Microsoft's senior director of trustworthy computing.

Cameron Takes Hard Line on Encrypted CommunicationsJanuary 15, 2015
UK Prime Minister David Cameron, who is standing for re-election, has vowed to ban personal encrypted communications apps such as Snapchat and WhatsApp if he is voted in.
He also will allow UK government security agencies to monitor communications, with warrants signed by the Home Secretary. "The first duty of any government is to keep our country and our people safe," Cameron declared.

Docker Security QuestionedJanuary 15, 2015
Security questions recently have been raised about Docker, a promising technology for running applications in the cloud. Docker is an open source initiative that allows applications to be run in containers for flexibility and mobility only dreamt of in the past. "Since the 70s, programmers have been talking about reusable code and the ability to migrate applications," noted IDC analyst Al Gillen.

Sony Sortie's Smoking Gun Still MissingJanuary 14, 2015
Recent research from security firm Cloudmark has raised doubt about the purported connection between North Korea and last November's intrusion on Sony Pictures Entertainment's computer networks. The FBI last week continued to press its case that North Korea was behind the cyberattack, pointing to an exposed block of IP addresses allocated to North Korea.

The Convoluted Trail Linking North Korea to SonyJanuary 13, 2015
FBI Director James Comey has "very high confidence" that North Korea was behind last November's cyberattack on Sony, he said last week at Fordham University. New evidence of the link includes documentation of the hackers' failure to cover their tracks with proxy servers on several occasions, Comey said. Several times they got "sloppy" and exposed their home IP addresses.

Data Breach Law Tops Obama Privacy InitiativesJanuary 12, 2015
A proposed national data breach reporting law, aimed primarily at protecting consumer privacy, headlined several initiatives the Obama administration announced Monday. The Personal Data Notification & Protection Act clarifies the obligations of companies when there's been a data breach. It includes a requirement to notify customers within 30 days of the discovery of a breach.

Fingerprint Theft Just a Shutter Click AwayJanuary 07, 2015
Ever since smartphone makers started incorporating fingerprint scanners as a means of unlocking mobile phones, the Chaos Computer Club has attacked the technology with vigor. Not long after Apple added Touch ID to its iPhones, the German hackers demonstrated how to lift prints from a surface and create a flexible pad containing the print that could be used to break into a phone.

Google Outs Unpatched Windows 8.1 Kernel FlawJanuary 06, 2015
Microsoft got a fiery start to 2015 when Google last week publicized a kernel vulnerability in Windows 8.1 Update. Google Project Zero's James Forshaw, who discovered the flaw, ranked it as a high-severity issue. Although Forshaw reported it to Microsoft last September, the company had not yet fixed the problem when Google published it. The vulnerability lets people falsely pose as administrators.

Writers Worldwide Chilled by Government SurveillanceJanuary 06, 2015
Concern over government surveillance has been so heightened by confidential information leaked by former intelligence hand Edward Snowden that writers in free countries are as worried as those in autocratic nations, according to a new report. Three-quarters of writers in countries classified as "free" told researchers they were "worried" or "somewhat worried" about surveillance.

Yikes! Ransomware Could Take Over Your Hard DriveJanuary 05, 2015
Malware is running rampant on the Internet, affecting smartphones, tablets and PCs. Relatively new malware allows bad guys to encrypt devices until a ransom is paid. Usually the ransom is required in bitcoin, rather than U.S. currency, as it cannot be traced. What are the legal and other risks associated with ransomware? Ransomware is largely directed at personal devices and small businesses.

Hackers Give Touch ID the FingerDecember 29, 2014
Hacker Jan Krissler, aka "Starbug," this weekend told attendees at the 31st Chaos Computer Club convention that he had replicated the fingerprints of German Defense Minister Ursula von der Leven using a standard photo camera and commercially available software. Krissler used a close-up of a photo of the minister's thumb and other pictures taken at different angles during a press event in October.

Misfortune Cookie Crumbles Millions of Security SystemsDecember 29, 2014
Check Point Software Technologies recently revealed a flaw in millions of routers that allows the devices to be controlled by hackers. The company detected 12 million Internet-connected devices that have the flaw. The vulnerability, which Check Point dubbed "Misfortune Cookie," can be found in the code of a commonly used embedded Web server, RomPager from AllegroSoft.

The Big Tech Stories of 2015December 29, 2014
Last week, we looked back at the largely untold, or under told, stories of 2014. This week, let's look ahead to some of the stories that are coming in 2015. We'll have robots, self-driving cars, armed autonomous drones, the professional proliferation of head mounted cameras, some scandals, and some interesting political implications. I'll close with my product of the year, which even surprised me.

US Mulls Response to Sony HackDecember 19, 2014
Department of Homeland Security Secretary Jeh Johnson on Thursday said the United States "is actively considering a range of options" to take in response to the Sony hack. The hack is "very serious," Johnson said, though he refused to label it as a terrorist attack. There has been widespread suspicion that North Korea engineered the hack. The FBI is investigating.

Terrorist Threats May Blow Up 'The Interview's' Box OfficeDecember 17, 2014
The now-notoriously controversial action comedy The Interview, which was expected to deliver profits of $90-$95 million for Sony, may have become a financial black hole. The movie's Thursday premiere in New York has been cancelled, and several movie theater chains have scrapped plans to screen it, following a hacker message referencing 9/11 and threatening physical attacks on theaters.

FIDO Pursues Vision of a Password-Free WorldDecember 17, 2014
A group of some 150 companies last week moved closer to eliminating the bane of many an online user: the ubiquitous password. The FIDO Alliance, which counts among its members Microsoft, PayPal, Google, Bank of America, Visa and MasterCard, released version 1.0 of its open specifications for strong authentication on the Internet without the use of passwords.

No Respite for SonyDecember 12, 2014
Since the hacker group calling itself "Guardians of Peace" announced its attack on Sony Pictures Entertainment late last month, things have gone downhill for the company. After confidential documents were leaked to the Internet over several days, a denouement of sorts was reached last week, when a security company examining the stolen data discovered nearly 50,000 Social Security numbers.

FIDO Alliance Launches 'Password Killer' SpecDecember 11, 2014
The Google-supported FIDO Alliance this week achieved a key milestone in its mission to end the use of passwords by releasing version 1.0 of its namesake open standard. "Today, we celebrate an achievement that will define the point at which the old world order of passwords and PINs started to wither and die," said Michael Barrett, president of the alliance. FIDO stands for "Fast IDentity Online."

Dashlane, LastPass Promise Easy Password ChangingDecember 10, 2014
Two password manager makers on Tuesday announced new features that allow their users to minimize the hassle of resetting passwords. One of the first things online users are advised to do after a data breach -- and there have been more than few of those lately -- is to change their passwords. Few users act on that advice, though, because password changing is too onerous.

Turla Trojan Unearthed on LinuxDecember 09, 2014
Turla, a Trojan that has infected hundreds of 32- and 64-bit Windows computers at government institutions, embassies, military installations, educational institutions, and research and pharmaceutical companies over the years, has been found on Linux systems, Kaspersky Lab reported. The company has discovered two variants of the malware running on Linux.